If an attacker can execute arbitrary code on your servers, your systems
are almost certainly going to be compromised. You need to take great
care when designing how your web server interacts with the underlying operating
system.

Risks

Prevalence: Common

Exploitability: Moderate

Impact: Devastating

Remote code execution is a major security lapse, and
the last step along the road to complete system takeover. After gaining access,
an attacker will attempt to escalate their privileges on the server,
install malicious scripts, or make your server part of a botnet to be
used at a later date.

Command injection vulnerabilities often occur in older, legacy code,
such as CGI scripts.
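
The legacy pattern of concatenating request data into a shell command line, next to a hardened form that validates the value and runs a fixed argument vector with no shell. This is an added example, not code from the original page; `echo` stands in for whatever tool a CGI script would call, and the function names and sample inputs are constructed for illustration.

```python
import re
import subprocess

# Assumption: "echo" stands in for the legacy tool a CGI script would call,
# so the demo runs offline on any POSIX system.
TOOL = "echo"

# Allowlist for the parameter: DNS-style labels only. A leading "-" is not
# allowed, so the value can never be read by the tool as an option.
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(rf"{LABEL}(?:\.{LABEL})*")

# Constructed sample inputs.
BENIGN = "example.com"
HOSTILE = "example.com; echo INJECTED"


def lookup_vulnerable(host: str) -> str:
    """Legacy pattern: request data concatenated into a shell command line."""
    cmd = TOOL + " lookup " + host  # /bin/sh interprets metacharacters in host
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def lookup_hardened(host: str) -> str:
    """Validate against the allowlist, then run a fixed argv with no shell."""
    if len(host) > 253 or not HOSTNAME_RE.fullmatch(host):
        raise ValueError("rejected host parameter")
    argv = [TOOL, "lookup", host]  # host reaches the tool as exactly one argument
    done = subprocess.run(argv, capture_output=True, text=True, timeout=5, check=True)
    return done.stdout


if __name__ == "__main__":
    print(repr(lookup_vulnerable(BENIGN)))
    print(repr(lookup_vulnerable(HOSTILE)))  # second command ran
    print(repr(lookup_hardened(BENIGN)))
    try:
        lookup_hardened(HOSTILE)
    except ValueError as exc:
        print("hardened:", exc)
```

Removing the shell on its own stops metacharacters from being interpreted; the allowlist additionally keeps a value that begins with `-` from being parsed by the tool as an option.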